82 Chapter 3 Scams, Identity Theft, and Fraud
Destroy all diskettes, CDs, and flash drives before they are discarded. Most computer
users don’t consider the risk of throwing diskettes in the trash. This is a bad mistake as dump-
ster divers will have a field day. Carefully discarding old storage devices is just as critical as
securing the data in the rst place. Computer hard drives contain a wealth of information.
There are viable security techniques that can be used to destroy this information if a com-
puting device is to be sold or trashed.
LAWS
Individuals and organizations must be aware of various laws that have been enacted to pro-
tect the privacy of electronic data, such as the following:
Health Insurance Portability and Accountability Act (HIPAA).•
HIPAA, which took effect on April 14, 2006, is a set of rules to be followed by doctors,
hospitals, and other healthcare providers. HIPAA helps ensure that all medical records,
medical billing, and patient accounts meet certain consistent standards with regard to
documentation, handling, and privacy. In addition, HIPAA requires that all patients be
able access their own medical records, correct errors or omissions, and be informed
how personal information is shared used. Other provisions involve notification of pri-
vacy procedures to the patient.
Sarbanes- Oxley Act of 2002 (Sarbox or SOX).•
The Sarbanes- Oxley Act became law in July 2002 and introduced major changes to the
regulation of corporate governance and financial practice. The Act establishes a new
quasi- public agency, the Public Company Accounting Oversight Board, or PCAOB,
which is charged with overseeing, regulating, inspecting, and disciplining accounting
firms in their roles as auditors of public companies. The Act also covers issues such as
auditor independence, corporate governance, internal control assessment, and enhanced
financial disclosure.
Gramm- Leach- Bliley Act (GLBA).•
Under the GLBA, financial institutions must provide their clients a privacy notice that
explains what information the company gathers about the client, where this informa-
tion is shared, and how the company safeguards that information. This privacy notice
must be given to the client prior to entering into an agreement to do business.
USA Patriot Act of 2001.•
The Act was passed 45 days after the September 11, 2001, attacks on the World Trade
Center in New York City and the Pentagon in Washington, D.C. It substantially expanded
the authority of U.S. law enforcement agencies for the stated purpose of fighting terror-
ism in the United States and abroad. The acronym stands for: Uniting and Strengthening
America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Act of 2001 (Public Law 107-56).
59940_Newman_02Print.indb 82 2/6/09 11:42:30 AM

Get Computer Security: Protecting Digital Resources now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.